# When Disaster Strikes: Cyber Edition

A standalone, browser-based tabletop exercise game for K-12 technology leaders. No server, no install, no dependencies — open the HTML file and play.

## What It Is

An interactive adaptation of the original [*When Disaster Strikes*](https://blog.tcea.org/when-disaster-strikes-part-3/) game by [Miguel Guhlin (@mguhlin)](https://mguhlin.org), extended with cybersecurity and incident response scenarios aligned to **NIST CSF 2.0** and **CISA** guidance.

Designed for CTOs, Directors of Technology, campus administrators, and IT staff in K-12 school districts.

## How to Use

1. Download `when-disaster-strikes.html`
2. Open it in any modern browser
3. No internet connection required for the scenario library — internet is only needed for AI-generated scenarios

## Features

- **40 scenario cards** covering ransomware, phishing, MFA attacks, data breaches, natural disasters, insider threats, and more
- **AI scenario generator** — creates new scenarios on demand using the Anthropic API
- **CISA-aligned response guidance** on every card (immediate actions + preventive controls)
- **NIST CSF 2.0 quick reference** with all 6 functions (GV, ID, PR, DE, RS, RC)
- **Anatomy of a Response** framework (RTO, likelihood, impact, stakeholders, recovery)
- **Dice roller** for team advancement
- Filterable scenario library by type: Cyber Attack, Physical, Human Factor, Natural Disaster, Mixed

## External Resources

- [NIST Cybersecurity Framework 2.0](https://www.nist.gov/cyberframework)
- [CISA Tabletop Exercise Packages (CTEPs)](https://www.cisa.gov/resources-tools/services/cisa-tabletop-exercise-packages)
- [CISA K-12 Cybersecurity](https://www.cisa.gov/K12)
- [StopRansomware.gov](https://www.cisa.gov/stopransomware)

## License

Creative Commons Attribution-ShareAlike. For educational purposes.

Original game concept: [TCEA TechNotes — "When Disaster Strikes"](https://blog.tcea.org/when-disaster-strikes-part-3/) by Miguel Guhlin (@mguhlin)